From 677bd668b7a0b2141fa01e9b4760c8f5fa98e1d9 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Tue, 14 Jun 2022 21:29:17 +0200
Subject: [PATCH] crypto: fix webcrypto generateKey() with empty usages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/43431
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
---
 lib/internal/crypto/webcrypto.js                 | 5 +++++
 test/parallel/test-webcrypto-keygen.js           | 9 +++++++++
 test/parallel/test-webcrypto-sign-verify-hmac.js | 2 +-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
index a5f442b0e57cfb..dc2e94aae7770e 100644
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@@ -89,6 +89,11 @@ async function generateKey(
   algorithm = normalizeAlgorithm(algorithm);
   validateBoolean(extractable, 'extractable');
   validateArray(keyUsages, 'keyUsages');
+  if (keyUsages.length === 0) {
+    throw lazyDOMException(
+      'Usages cannot be empty when creating a key',
+      'SyntaxError');
+  }
   switch (algorithm.name) {
     case 'RSASSA-PKCS1-v1_5':
       // Fall through
diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js
index 32e8fc39ee6d15..5d039fdf036344 100644
--- a/test/parallel/test-webcrypto-keygen.js
+++ b/test/parallel/test-webcrypto-keygen.js
@@ -210,6 +210,15 @@ const vectors = {
 // Test bad usages
 {
   async function test(name) {
+    await assert.rejects(
+      subtle.generateKey(
+        {
+          name, ...vectors[name].algorithm
+        },
+        true,
+        []),
+      { message: /Usages cannot be empty/ });
+
     const invalidUsages = [];
     allUsages.forEach((usage) => {
       if (!vectors[name].usages.includes(usage))
diff --git a/test/parallel/test-webcrypto-sign-verify-hmac.js b/test/parallel/test-webcrypto-sign-verify-hmac.js
index 3028816054ca76..0962773b132768 100644
--- a/test/parallel/test-webcrypto-sign-verify-hmac.js
+++ b/test/parallel/test-webcrypto-sign-verify-hmac.js
@@ -153,7 +153,7 @@ async function testSign({ hash,
   }
 
   await assert.rejects(
-    subtle.generateKey({ name }, false, []), {
+    subtle.generateKey({ name }, false, ['sign', 'verify']), {
       name: 'TypeError',
       code: 'ERR_MISSING_OPTION',
       message: 'algorithm.hash is required'